
Re: Fwd: debian-russian



> > > I in turn have a question for the OpenLDAP experts: how do I make starttls
> > > mandatory for all clients?
> > > --
> > > Yuri Pimenov
> > I may be wrong.
> > But clients must connect to the server with the ldaps:\\hostname protocol,
> > i.e. they must support SSL.
> > After that the SSL certificates are exchanged and the connection is established.
> TLS != SSL. Let's be precise about what we are talking about.
> --
> Yuri Pimenov
I won't get into an argument, I don't know for certain myself, but
in this case TLS ~ SSL.

OpenLDAP 2.1 Administrator's Guide
11.2.2. Client Configuration
Most of the client configuration directives parallel the server directives.
The names of the directives are different, and they go into ldap.conf(5)
instead of slapd.conf(5), but their functionality is mostly the same. Also,
while most of these options may be configured on a system-wide basis, they
may all be overridden by individual users in their .ldaprc files.

11.2.2.1. TLS_CACERT <filename>
This is equivalent to the server's TLSCACertificateFile option. As noted in
the TLS Configuration section, a client typically may need to know about
more CAs than a server, but otherwise the same considerations apply.

11.2.2.2. TLS_CACERTDIR <path>
This is equivalent to the server's TLSCACertificatePath option. The
specified directory must be managed with the OpenSSL c_rehash utility as
well.

11.2.2.3. TLS_CERT <filename>
This directive specifies the file that contains the client certificate. This
is a user-only directive and can only be specified in a user's .ldaprc file.

11.2.2.4. TLS_KEY <filename>
This directive specifies the file that contains the private key that matches
the certificate stored in the TLS_CERT file. The same constraints mentioned
for TLSCertificateKeyFile apply here. This is also a user-only directive.

11.2.2.5. TLS_RANDFILE <filename>
This directive is the same as the server's TLSRandFile option.

11.2.2.6. TLS_REQCERT { never | allow | try | demand }
This directive is equivalent to the server's TLSVerifyClient option.
However, for clients the default value is demand and there generally is no
good reason to change this setting.

11.2.2.7. TLS { never | hard }
This directive specifies whether client connections should use TLS by
default. The default setting is never which specifies that connections will
be opened in the clear unless TLS is explicitly specified using an
"ldaps://" URL. When set to hard all connections will be established with
TLS, as if an "ldaps://" URL was specified. Note that the use of ldaps is a
holdover from LDAPv2 and this setting is incompatible with the LDAPv3
StartTLS request. As such, it's best not to use this option.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I think this is what you need.


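An added example, not part of the thread and not from the OpenLDAP guide: two constructed ldap.conf(5) fragments, one with the weak settings a client effectively runs with when nothing is configured (no CA file, TLS_REQCERT relaxed) and one hardened with the TLS_CACERT and TLS_REQCERT directives quoted above, plus a small POSIX sh audit function that checks a client host's ldap.conf for those settings. The host names, base DN and certificate paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread or the OpenLDAP guide).
# Two constructed ldap.conf fragments and an audit function that checks a
# client configuration for server-certificate validation.

# Constructed: a client configuration that will happily talk TLS to anyone.
# No TLS_CACERT means the server certificate cannot be validated, and
# TLS_REQCERT allow tells the client to proceed even when validation fails.
WEAK_LDAP_CONF='BASE dc=example,dc=org
URI  ldap://ldap.example.org
# no TLS_CACERT here
TLS_REQCERT allow
'

# Constructed: hardened client defaults built from the directives quoted
# in the guide. TLS_REQCERT demand is the documented default, restated so
# that an audit sees it explicitly. The CA path is a placeholder.
HARD_LDAP_CONF='BASE dc=example,dc=org
URI  ldap://ldap.example.org
TLS_CACERT  /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
'

# Print the value of a directive: first match, case-insensitive name,
# comment lines (first field "#") never match.
ldap_conf_get() {  # $1=file $2=directive
    awk -v key="$2" 'toupper($1) == toupper(key) { print $2; exit }' "$1"
}

# Return 0 if the file makes the client validate the server certificate
# against a configured CA, 1 otherwise, naming the offending directive.
check_ldap_conf() {  # $1=file
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT)
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    cacertdir=$(ldap_conf_get "$1" TLS_CACERTDIR)
    case "$reqcert" in
        ""|demand) ;;   # unset means the default, which is demand
        *) echo "$1: TLS_REQCERT is '$reqcert', expected demand"; return 1 ;;
    esac
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "$1: neither TLS_CACERT nor TLS_CACERTDIR is set;" \
             "the server certificate cannot be verified"
        return 1
    fi
    return 0
}

# Usage: write both fragments to a scratch directory and audit them.
demo() {
    tmp=$(mktemp -d)
    printf '%s' "$WEAK_LDAP_CONF" > "$tmp/weak.conf"
    printf '%s' "$HARD_LDAP_CONF" > "$tmp/hard.conf"
    check_ldap_conf "$tmp/weak.conf" && echo "weak.conf: ok" || echo "weak.conf: FAIL"
    check_ldap_conf "$tmp/hard.conf" && echo "hard.conf: ok" || echo "hard.conf: FAIL"
    rm -r "$tmp"
}

demo
```

These directives only control how a client behaves once it uses TLS; they do not force it to. The question asked at the top of the thread, requiring StartTLS from every client, is enforced on the server, in slapd.conf(5), with the `security` directive (for example `security tls=1`, which refuses operations until TLS is in place); that directive is outside the guide section quoted here. A client can verify the result with `ldapsearch -ZZ`, which fails rather than proceeding if StartTLS cannot be negotiated.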


